function login($email, $password) {   
	if ($stmt = $mysqli->prepare("SELECT id, pseudo, motDePasse, statut FROM Utilisateur WHERE pseudo = ? LIMIT 1")) {
		$stmt->bind_param('s', $email); // Bind "$email" to parameter.
		$stmt->execute(); // Execute the prepared query.
		$stmt->store_result();
		$stmt->bind_result($user_id, $username, $db_password, $statut); // get variables from result.
		$stmt->fetch();
		$password = md5($password);
      
		if($stmt->num_rows == 1) { // If the user exists
         
        	if($db_password == $password) { // Check if the password in the database matches the password the user submitted. 
            	$user_id = preg_replace("/[^0-9]+/", "", $user_id); // XSS protection as we might print this value
            	$_SESSION['user_id'] = $user_id;
            	$username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); // XSS protection as we might print this value
            	$_SESSION['login'] = $username;
            	// Ajout du statut
            	$_SESSION['statut'] = $statut;
            	$_SESSION['connect'] = true;
            	return true;    
            } else {
            	// Password is not correct
            	// We record this attempt in the database
            	$now = time();
            	$mysqli->query("INSERT INTO login_attempts (user_id, time) VALUES ('$user_id', '$now')");
            	return false;
            }
		
		} else {
        // No user exists. 
        return false;
        }
   }
}